{"id":90180,"date":"2019-11-11T09:00:11","date_gmt":"2019-11-11T17:00:11","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=90180"},"modified":"2023-05-15T23:28:42","modified_gmt":"2023-05-16T06:28:42","slug":"zero-trust-strategy-what-good-looks-like","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/","title":{"rendered":"Zero Trust strategy\u2014what good looks like"},"content":{"rendered":"<p>Zero Trust has managed to both inspire and confuse the cybersecurity industry at the same time. A significant reason for the confusion is that Zero Trust isn\u2019t a specific technology, but a security strategy (and arguably the first formal strategy, as I recently heard Dr. Chase Cunningham, Principal Analyst at Forrester, aptly point out).<\/p>\n<p>Microsoft believes that the Zero Trust strategy should be woven throughout your organization\u2019s architectures, technology selections, operational processes, as well as the throughout the culture of your organization and mindset of your people.<\/p>\n<p>Zero Trust will build on many of your existing security investments, so you may already have made progress on this journey. Microsoft is publishing learnings and guidance from many perspectives to help organizations understand, anticipate, and manage the implications of this new strategy. This guidance will continue to grow as we learn more. A few highlights include:<\/p>\n<ul>\n<li><a href=\"https:\/\/download.microsoft.com\/download\/f\/9\/2\/f92129bc-0d6e-4b8e-a47b-288432bae68e\/Zero_Trust_Vision_Paper_Final%2010.28.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">Maturity model<\/a>\u2014Describes the Zero Trust journey.<\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/office-365-security\/ciso-workshop-module-3\" target=\"_blank\" rel=\"noopener noreferrer\">CISO Workshop Module 3: Identity and Zero Trust User Access<\/a>\u2014Learn how to advance Zero Trust with your identity and user access strategy.<\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/29\/improve-security-zero-trust-access-model\/\" target=\"_blank\" rel=\"noopener noreferrer\">Improve security with a Zero Trust access model<\/a>\u2014Microsoft Corporate Vice President and CISO, Bret Arsenault, describes how Microsoft is approaching Zero Trust with advice for applying learnings to your organization.<\/li>\n<li><a href=\"https:\/\/query.prod.cms.rt.microsoft.com\/cms\/api\/am\/binary\/RE3YnRL\" target=\"_blank\" rel=\"noopener noreferrer\">Zero Trust: A new era of security<\/a>\u2014E-book summarizing dynamics of Zero Trust and how Microsoft technology supports it today.<\/li>\n<li><a href=\"https:\/\/aka.ms\/zero-trust\" target=\"_blank\" rel=\"noopener noreferrer\">Zero Trust landing page<\/a>\u2014Overview and links to resources, assessments, etc.<\/li>\n<\/ul>\n<p>In previous posts of this series, we described Microsoft\u2019s <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/23\/perimeter-based-network-defense-transform-zero-trust-model\/\" target=\"_blank\" rel=\"noopener noreferrer\">vision for an optimal Zero Trust model<\/a> and the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/10\/29\/improve-security-zero-trust-access-model\/\" target=\"_blank\" rel=\"noopener noreferrer\">journey of our own IT<\/a> organization from a classic enterprise security to Zero Trust. Today, we focus on what a good strategy looks like and recommended prioritization (with a bit of history for context).<\/p>\n<blockquote><p>Zero Trust security continuously validates trustworthiness of each entity in your enterprise (identities, applications and services, devices) starting each with a trust level of zero.<\/p><\/blockquote>\n<h3>Evolution of security strategy<\/h3>\n<p>The central challenge of cybersecurity is that the IT environment we defend is highly complex, leading security departments (often with limited budgets\/resources) to find efficient ways to mitigate risk of advanced, intelligent, and continuously evolving attackers.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-1.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90181 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-1.png\" alt=\"\" width=\"1812\" height=\"880\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-1.png 1812w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-1-300x146.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-1-768x373.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-1-1024x497.png 1024w\" sizes=\"(max-width: 1812px) 100vw, 1812px\" \/><\/a><\/p>\n<p>Most enterprises started with the use of a \u201ctrusted enterprise network,\u201d but have since found fundamental limitations of that broad trust approach. This creates a natural pressure to remove the \u201cshortcut\u201d of a trusted enterprise network and do the hard work of measuring and acting on the trustworthiness of each entity.<\/p>\n<h3>Network or identity? Both (and more)!<\/h3>\n<p>The earliest coherent descriptions of the Zero Trust idea can be traced to proposals in the wake of the major wave of cybersecurity attacks. Beginning in the early 2000s, businesses and IT organizations were rocked by worms like ILOVEYOU, Nimda, and SQL Slammer. While painful, these experiences were a catalyst for positive security initiatives like Microsoft\u2019s Security Development Lifecycle (SDL) and began serious discussions on improving computer security. The strategy discussions during this timeframe formed into two main schools of thought\u2014network and identity:<\/p>\n<ul>\n<li><strong>Network<\/strong>\u2014This school of thought doubled down on using network controls for security by creating smaller network segments and measuring trust of devices before network controls allow access to resources. While promising, this approach was highly complex and saw limited uptake outside a few bright spots like Google\u2019s BeyondCorp.<\/li>\n<li><strong>Identity<\/strong>\u2014Another approach, advocated by the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Jericho_Forum\" target=\"_blank\" rel=\"noopener noreferrer\">Jericho Forum<\/a>, pushed to move away from network security controls entirely with a \u201cde-perimeterisation\u201d approach. This approach was largely beyond the reach of technology available at the time but planted important seeds for the Zero Trust of today.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-2.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90182 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-2.png\" alt=\"\" width=\"2009\" height=\"1041\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-2.png 2009w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-2-300x155.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-2-768x398.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-2-1024x531.png 1024w\" sizes=\"(max-width: 2009px) 100vw, 2009px\" \/><\/a><\/p>\n<p>Microsoft ultimately recommends an approach that includes <em>both<\/em> schools of thought that leverage the transformation of the cloud to mitigate risk spanning the modern assets and (multiple generations of) legacy technology in most enterprises.<\/p>\n<h3>Prioritizing and planning Zero Trust<\/h3>\n<p>Microsoft recommends rigorous prioritization of Zero Trust efforts to maximize security return on investment (ROI). This default prioritization is based on learnings from our experience, our customers, and others in the industry.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-3.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90183 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-3.png\" alt=\"\" width=\"1789\" height=\"852\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-3.png 1789w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-3-300x143.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-3-768x366.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-3-1024x488.png 1024w\" sizes=\"(max-width: 1789px) 100vw, 1789px\" \/><\/a><\/p>\n<ol>\n<li><strong>Align strategies and teams<\/strong>\u2014Your first priority should be to get all the technical teams on the same page and establish a single enterprise segmentation strategy aligned to business needs. We often find that network, identity, and application teams each have different approaches of logically dividing up the enterprise that are incompatible with each other, creating confusion and conflict. See the CISO workshop video, <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/office-365-security\/ciso-workshop-module-3#part-3-strategy-and-priorities-954\" target=\"_blank\" rel=\"noopener noreferrer\">Module 3 Part 3: Strategy and Priorities<\/a>, for more discussion of this topic.<\/li>\n<li><strong>Build identity-based perimeter<\/strong>\u2014Starting immediately (in parallel to priority #1), your organization should adopt identity controls like Multi-Factor Authentication (MFA) and passwordless to better protect your identities. You should quickly grow this into a phased plan that measures (and enforces) trustworthiness of users and devices accessing resources, and eventually validating trust of each resource being accessed. See the CISO workshop video, <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/office-365-security\/ciso-workshop-module-3#part-6-build-an-identity-perimeter-1357\" target=\"_blank\" rel=\"noopener noreferrer\">Module 3 Part 6: Build an Identity Perimeter<\/a>, for more information on identity perimeters.<\/li>\n<li><strong>Refine network perimeter<\/strong>\u2014The next priority is to refine your network security strategy. Depending on your current segmentation and security posture, this could include:\n<ul>\n<li><strong>Basic segmentation\/alignment<\/strong>\u2014Adopt a clear enterprise segmentation model (built in #1) from a \u201cflat network\u201d or fragmented\/non-aligned segmentation strategy. Implementing this is often a significant undertaking that requires extensive discovery of assets and communication patterns to limit operational downtime. It\u2019s often easier to do this as you migrate to the cloud (which naturally includes this discovery) than it is to retrofit to an existing on-premises environment.<\/li>\n<li><strong>Micro-segmenting datacenter<\/strong>\u2014Implement increasingly granular controls on your datacenter network to increase attacker cost. This requires detailed knowledge of applications in the datacenter to avoid operational downtime. Like basic segmentation, this can be added during a cloud migration or a net new cloud deployment easier than retrofitting to an on-premises datacenter.<\/li>\n<li><strong>Internet first clients<\/strong>\u2014A simple but significant shift is when you move client endpoints from being on the internet part-time to full-time (versus sometimes on corporate network and sometimes remote). This is a straightforward concept, but it requires having already established a strong identity perimeter, strong endpoint security and management over the internet, publishing legacy applications to your internet clients, dedicated <a href=\"https:\/\/aka.ms\/securedworkstation\" target=\"_blank\" rel=\"noopener noreferrer\">administrative workstations<\/a>, and potentially other initiatives before \u201crolling back\u201d the firewalls from clients.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h3>What good looks like<\/h3>\n<p>Zero Trust is a model that will ultimately be infused throughout your enterprise and should inform virtually all access decisions and interactions between systems.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-4.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90184 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-4.png\" alt=\"\" width=\"1142\" height=\"649\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-4.png 1142w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-4-300x170.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-4-768x436.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-what-good-looks-like-4-1024x582.png 1024w\" sizes=\"(max-width: 1142px) 100vw, 1142px\" \/><\/a><\/p>\n<p>Expanding on the three principles of Zero Trust from the <a href=\"https:\/\/download.microsoft.com\/download\/f\/9\/2\/f92129bc-0d6e-4b8e-a47b-288432bae68e\/Zero_Trust_Vision_Paper_Final%2010.28.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">Zero Trust vision paper<\/a>\u2014Verify Explicitly, Least Privilege Access, and Assume Breach\u2014the hallmarks of a good enterprise Zero Trust strategy include:<\/p>\n<ul>\n<li><strong>Continuously measure trust and risk<\/strong>\u2014Ensure all users and devices attempting to access resources are validated as trustworthy enough to access the target resource (based on sensitivity of target resource). As technology becomes available to do it, you should also validate the trustworthiness of the target resources.<\/li>\n<li><strong>Enterprise-wide consistency<\/strong>\u2014Ensure that you have a single Zero Trust policy engine to consistently apply your organizations policy to all of your resources (versus multiple engines whose configuration could diverge). Most organizations shouldn\u2019t expect to cover all resources immediately but should invest in technology that can apply policy to all modern and legacy assets.<\/li>\n<li><strong>Enable productivity<\/strong>\u2014For successful adoption and usage, ensure that the both security and business productivity goals are appropriately represented in the policy. Make sure to include all relevant business, IT, and security stakeholders in policy design and refine the policy as the needs of the organization and threat landscape evolve. For more information, see <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/office-365-security\/ciso-workshop-module-2#part-2-meet-productivity-and-security-goals-251\" target=\"_blank\" rel=\"noopener noreferrer\">Meet Productivity and Security Goals<\/a>.<\/li>\n<li><strong>Maximize signal to increase cost of attack\u2014<\/strong>The more measurements you include in a trust decision\u2014which reflect good\/normal behavior\u2014the more difficult\/expensive it is for attackers to mimic legitimate sign-ins and activities, deterring or degrading an attacker&#8217;s ability to damage your organization.<\/li>\n<li><strong>Fail safe<\/strong>\u2014The system operation should always stay in a safe state, even after a failed\/incorrect decision (for example, preserve life\/safety and business value via confidentiality, integrity, and availability assurances). Consider the possible and likely failures (for example, mobile device unavailable or biometrics unsuccessful) and design fallbacks to safely handle failures for both:\n<ul>\n<li>Security (for example, detection and response processes).<\/li>\n<li>Productivity (remediation mechanisms via helpdesk\/support systems).<\/li>\n<\/ul>\n<\/li>\n<li><strong>Contain risk of attacker movement into smaller zones<\/strong>\u2014This is particularly important when you\u2019re reliant on legacy\/static controls that cannot dynamically measure and enforce trustworthiness of inbound access attempts (for example, static network controls for legacy applications\/servers\/devices).<\/li>\n<\/ul>\n<h3>Into the future<\/h3>\n<p>Over time, we expect Zero Trust will become accepted and commonplace where people simply learn it in \u201cSecurity 101\u201d (much like the least privilege principle today). Zero Trust is expected to evolve as we all become more comfortable with what this new normal entails and have ideas on how to optimize efficiency and address the attackers&#8217; ongoing attempts to find a chink in the new armor.<\/p>\n<p>\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\"><div class=\"wp-block-msxcm-cta-block\" data-moray data-bi-an=\"CTA Block\">\n\t<div class=\"card d-block mx-ng mx-md-0\">\n\t\t<div class=\"row no-gutters\">\n\n\t\t\t\t\t\t\t<div class=\"col-md-4\">\n\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"150\" height=\"150\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/ZeroTrust-thumbnail.png\" class=\"card-img img-object-cover\" alt=\"\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/ZeroTrust-thumbnail.png 150w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/ZeroTrust-thumbnail-100x100.png 100w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/>\t\t\t\t<\/div>\n\t\t\t\n\t\t\t<div class=\"d-flex col-md\">\n\t\t\t\t<div class=\"card-body align-self-center p-4 p-md-5\">\n\t\t\t\t\t<h2>Zero Trust<\/h2>\n\n\t\t\t\t\t<div class=\"mb-3\">\n\t\t\t\t\t\t<p>Reach the optimal state in your Zero Trust journey.<\/p>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"link-group\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/zero-trust\" class=\"btn btn-link text-decoration-none p-0\" target=\"_blank\">\n\t\t\t\t\t\t\t\t<span>Learn more<\/span>\n\t\t\t\t\t\t\t\t<span class=\"glyph-append glyph-append-chevron-right glyph-append-xsmall\"><\/span>\n\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\t<\/div>\n<\/div>\n<\/div>\n<\/p>\n<p>Our next blog will discuss how to make Zero Trust real in your enterprise starting with technology available today, which you may already have deployed or have access to! In the meantime, bookmark the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a> to keep up with our expert coverage on security matters. Also, follow us at <a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">@MSFTSecurity<\/a> for the latest news and updates on cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Zero Trust is a model that will ultimately be infused throughout your enterprise and should inform virtually all access decisions and interactions between systems.<\/p>\n","protected":false},"author":96,"featured_media":90187,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3673,3679,3689],"products":[],"threat-intelligence":[],"tags":[3822],"coauthors":[1906],"class_list":["post-90180","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-identity-and-access-management","topic-network-security","topic-zero-trust","tag-microsoft-security-insights"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Zero Trust strategy\u2014what good looks like<\/title>\n<meta name=\"description\" content=\"Zero Trust is a model that will ultimately be infused throughout your enterprise and should inform virtually all access decisions and interactions between systems.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Zero Trust strategy\u2014what good looks like\" \/>\n<meta property=\"og:description\" content=\"Zero Trust is a model that will ultimately be infused throughout your enterprise and should inform virtually all access decisions and interactions between systems.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2019-11-11T17:00:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T06:28:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-SOCIAL.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Mark Simos\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-SOCIAL.png\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Simos\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mark-simos\/\",\"@type\":\"Person\",\"@name\":\"Mark Simos\"}],\"headline\":\"Zero Trust strategy\u2014what good looks like\",\"datePublished\":\"2019-11-11T17:00:11+00:00\",\"dateModified\":\"2023-05-16T06:28:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/\"},\"wordCount\":1538,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-FI.png\",\"keywords\":[\"Microsoft Security Insights\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/\",\"name\":\"Zero Trust strategy\u2014what good looks like\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-FI.png\",\"datePublished\":\"2019-11-11T17:00:11+00:00\",\"dateModified\":\"2023-05-16T06:28:42+00:00\",\"description\":\"Zero Trust is a model that will ultimately be infused throughout your enterprise and should inform virtually all access decisions and interactions between systems.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-FI.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-FI.png\",\"width\":440,\"height\":268},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Zero Trust strategy\u2014what good looks like\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Zero Trust strategy\u2014what good looks like","description":"Zero Trust is a model that will ultimately be infused throughout your enterprise and should inform virtually all access decisions and interactions between systems.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/","og_locale":"en_US","og_type":"article","og_title":"Zero Trust strategy\u2014what good looks like","og_description":"Zero Trust is a model that will ultimately be infused throughout your enterprise and should inform virtually all access decisions and interactions between systems.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/","og_site_name":"Microsoft Security Blog","article_published_time":"2019-11-11T17:00:11+00:00","article_modified_time":"2023-05-16T06:28:42+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-SOCIAL.png","type":"image\/png"}],"author":"Mark Simos","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-SOCIAL.png","twitter_misc":{"Written by":"Mark Simos","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mark-simos\/","@type":"Person","@name":"Mark Simos"}],"headline":"Zero Trust strategy\u2014what good looks like","datePublished":"2019-11-11T17:00:11+00:00","dateModified":"2023-05-16T06:28:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/"},"wordCount":1538,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-FI.png","keywords":["Microsoft Security Insights"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/","name":"Zero Trust strategy\u2014what good looks like","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-FI.png","datePublished":"2019-11-11T17:00:11+00:00","dateModified":"2023-05-16T06:28:42+00:00","description":"Zero Trust is a model that will ultimately be infused throughout your enterprise and should inform virtually all access decisions and interactions between systems.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-FI.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/11\/Zero-Trust-strategy-FI.png","width":440,"height":268},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/11\/zero-trust-strategy-what-good-looks-like\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Zero Trust strategy\u2014what good looks like"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/90180"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=90180"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/90180\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/90187"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=90180"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=90180"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=90180"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=90180"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=90180"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=90180"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=90180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}